How is my GRE-Tunneled packet being routed?
-
I'm trying to figure out exactly what is happening when I create a GRE tunnel. My network looks like this (-> means directly connected): Computer A (eth0: 10.0.1.1) -> (eth0: 10.0.1.2) Router B (eth1: 10.0.2.1) -> (eth0: 10.0.2.2) Router C (eth1: 10.0.3.1) -> (eth0: 10.0.3.2) Router D (eth1: 10.0.4.1) -> (eth-: 10.0.4.2) Computer E I've run the following commands on Router B: ip tunnel add Tunnel5 mode gre local 10.0.2.1 remote 10.0.3.2 ifconfig Tunnel5 192.168.33.2 netmask 255.255.255.0 up ip route add 10.0.4.2/32 via 192.168.33.3 with the following connection information: conn routerD_eth0 type=tunnel authby=secret left=10.0.2.1 leftsubnet=10.0.2.1/32 right=10.0.3.2 rightsubnet=10.0.3.2/32 auto=start And the equivalent on Router D: ip tunnel add Tunnel5 mode gre local 10.0.3.2 remote 10.0.2.1 ifconfig Tunnel5 192.168.33.3 netmask 255.255.255.0 up ip route add 10.0.1.1/32 via 192.168.33.2 with conn routerb_eth1 type=tunnel authby=secret left=10.0.3.2 leftsubnet=10.0.3.2/32 right=10.0.2.1 rightsubnet=10.0.2.1/32 auto=start This is what I can observe at Router A if I ping from Computer A to Computer B: Traffic enters eth0 with the destination of 10.0.4.2. Traffic is routed to the new Tunnel5 interface: Caused by the routing rule I added (ip route add 10.0.4.2/32 via 192.168.33.3) ??? Magic ??? Somehow the traffic is encapsulated and routed back to the router with the new destination address of 10.0.3.2 Normal OSPF routing rules cause the traffic to go out eth1 and on to its destination. What happens at step 3? Additional Information Some commands and their output, all run at Router A: $ ip tunnel show Tunnel5: gre/ip remote 10.0.3.2 local 10.0.2.1 $ setkey -DP 10.0.3.2[any] 10.0.2.1[any] 255 ... /esp/tunnel/10.0.3.2-10.0.2.1/unique:3 ... 10.0.2.1[any] 10.0.3.2[any] 255 ... /esp/tunnel/10.0.2.1-10.0.3.2/unique:3 ... Theory The router just knows, based on the information in "ip tunnel show", that traffic routed to Tunnel5 should be encapsulated with the new source and destination addresses. The encapsulated packet should just be routed like normal. In this case, the IPSec Policies match up and encrypt the packet, preserving the source and destination addresses. The packet is then routed, based on the routing table, to Router C. Just a guess.
-
Answer:
When the packet enters the router, it is routed out the tunnel interface because of your static route. the router encapsulates the packet in a GRE packet, with the destination 10.0.3.2. The router then routes this packet according to the routing table (i.e. out eth 1). When it gets to router D, the packet is decapsulated and then routed normally.
exxodus7 at Server Fault Visit the source
Related Q & A:
- Where Is Packet Lunchbox?Best solution by ebay.com
- What is GRE? What is its significance?Best solution by Yahoo! Answers
- How long should i prepare for my GRE exam?Best solution by Yahoo! Answers
- What is the best time to start preparing for GRE?Best solution by Yahoo! Answers
- How to prepare for GRE Exam?Best solution by Yahoo! Answers
Just Added Q & A:
- How many active mobile subscribers are there in China?Best solution by Quora
- How to find the right vacation?Best solution by bookit.com
- How To Make Your Own Primer?Best solution by thekrazycouponlady.com
- How do you get the domain & range?Best solution by ChaCha
- How do you open pop up blockers?Best solution by Yahoo! Answers
For every problem there is a solution! Proved by Solucija.
-
Got an issue and looking for advice?
-
Ask Solucija to search every corner of the Web for help.
-
Get workable solutions and helpful tips in a moment.
Just ask Solucija about an issue you face and immediately get a list of ready solutions, answers and tips from other Internet users. We always provide the most suitable and complete answer to your question at the top, along with a few good alternatives below.